Rapid identification of message authentication

ABSTRACT

Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender&#39;s domain. The identifying information is authenticated, and if authentication, then distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication.

RELATED APPLICATIONS

The present application is a continuation-in part and claims priority toco-pending U.S. patent application Ser. No. 10/778,956, filed on Feb.12, 2004, entitled “Method and Apparatus for Implementing a MicropaymentSystem to Control Email Spam;” the disclosure of which is incorporatedby reference herein in its entirety.

FIELD

The invention relates generally to network security and moreparticularly to message authentication mechanisms.

BACKGROUND

Electronic mail (email) communication is becoming increasingly pervasivethroughout the world. Enterprises rely on email to conduct business,governments rely on email to communicate, and individuals rely on emailto conduct their affairs.

In recent years, email communication has expanded to include InstantMessaging (IM) and Text Messaging. Communications now use any computer(processing device) or combination of portable devices that may interactwirelessly or interact over a combination of wired and wirelessnetworks. Some techniques also use groupware where more than two or morepeople interact with one another via direct communications. Thesetechniques present real-time or near real-time communication withindividuals via their portable devices, such as Personal DigitalAssistants (PDA's), phones, etc. IM has also become popular in virtualcommunities, where members interact with one another electronically inuser-formed communities, associations, or groups.

Unfortunately, mass marketers and nefarious individuals have watereddown the usefulness of email communication. That is, spam, Phishingtechniques, and even computer viruses are now regularly proliferated viaemail. As a result, many individuals and entities have invested inexpensive filtering mechanisms and/or have limited the extent to whichthey may view their messages. In some cases, individuals may even carrymultiple email accounts and may only view some of their email accountson a very infrequent basis. These situations make it difficult forlegitimate enterprises to reach their customers/clients.

In effect, individuals have become desensitized to their email becausetheir inboxes are bursting with far too many junk emails of no value tothem or even worse potentially harmful to them. Harmful emails caninclude such things as viruses that damage a users' device or files orPhishing emails that link a user to a bogus World-Wide Web (WWW) sitefor purposes of obtaining confidential information about the user. Thelatter technique is often used to illegally access financial accountsand/or to assume an online identity of a user.

SUMMARY

In various embodiments, techniques are presented for rapididentification of message authentication. In one embodiment a method isprovided that identifies a message directed to a recipient anddetermines when the message includes identifying information associatedwith a sender of that message. When the identifying information ispresent, an external service is requested to authenticate an identity ofthe sender and to provide distinctive metadata with the message forpurposes of uniquely identifying the sender to the recipient.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of method for rapidly identifying messageauthentication, according to an example embodiment.

FIG. 2 is a diagram of another method for rapidly identifying messageauthentication, according to an example embodiment.

FIG. 3 is a diagram of a message authentication system, according to anexample embodiment.

DETAILED DESCRIPTION

FIG. 1 is a diagram of method 100 for rapidly identifying messageauthentication, according to an example embodiment. The method 100(hereinafter “message authentication service”) is implemented asinstructions in a machine-accessible and readable medium. Theinstructions when accessed by a machine perform the processing depictedin FIG. 1. The message authentication service is also operable over anetwork, and the network may be wired, wireless, or a combination ofwired and wireless.

Initially, a message, such as an electronic mail (email), message isconstructed by a sender using a sender's message client or messagingservice and is sent over a network, such as the Internet, to arecipient. The header information associated with the message caninclude a variety of information that the message authentication servicemay subsequently detect and use for purposes of ensuring that themessage is authenticated.

For example, the message may include a signature, a key, such as apublic key of a domain or of a specific sender. Alternatively, themessage may include a serial number. In some cases, the message may justinclude the domain path from an originating sender's messaging serverthat the message originated from. In still other situations, the headermay include a variety or multiple types of information that may berelevant to authentication of either the sender or the domain of thesender.

The message client of the sender may or may not be modified to includethe additional information (herein referred to as “identifyinginformation”) included in the header of a message. That is, the messageclient may be designed to cooperate and supply information expected bythe message authentication service or the message client may becompletely unaware of the message authentication service and mayconstruct and send messages in a normal fashion having normal headerinformation assembled by the sender's messaging client.

When the message is received on or within the environment of therecipient of the message, the message authentication service interceptsand initially inspects the message. This may be achieved via a priorconfiguration with the messaging client of the recipient or may beachieved via a reverse or transparent proxy arrangement, where themessage authentication service operates unbeknownst to the recipient'smessaging client and intercepts and inspects headers of receivedmessages, which are directed to a recipient.

The processing of the message authentication service is designed torapidly authenticate a received message's sender and/or a sender'sdomain. It is noted that only identified domains or senders may beauthenticated and inspected by the message authentication service. Thatis, some messages may process normally in the recipient's messagingclient without authentication techniques (described more completelybelow) being performed by the message authentication service. Thespecific senders or domains that are authenticated may be identifiedaccording to custom rules or policies. This permits some messages toprocess normally whereas others are selectively processed in the mannersdescribed more completely below.

With this initial context, the processing of the message authenticationservice will now be discussed with reference to FIG. 1. At 110, themessage authentication service identifies a message that is beingdirected to a recipient. This identification process may occur in avariety of manners. For example, the message authentication service mayintercept the message before it is received by a messaging client of therecipient. Alternatively, the message authentication service maycooperate and integrate with at least some processing of the recipient'smessaging client to detect and identify the received message.

At 120, the message authentication service determines when a messageincludes identifying information that the message authentication serviceis interested in knowing about. The identifying information may, at 121,be located, detected, or discovered according to rules or policies, andthese rules or policies may be associated with a specific sender, aspecific domain, and/or a specific recipient. In some cases, at 122, theidentifying information is detected by inspecting the header of amessage for a key, a signature, serial number, or various combinationsof these things representing the identifying information. It is alsonoted that the identifying information may be a path for a domain or maybe a custom hash or encryption key as well. The identifying informationwas previously inserted by the messaging client of the sender either innormal manners or in a custom manner designed to interact and cooperatewith the processing of the message authentication service.

At 130, the message authentication service makes a request to anexternal service to authenticate an identity of the sender or anidentity of the domain associated with the sender by supplying theidentifying information parsed from the message or header of themessage. Again, policies or rules may drive the specific identity of theexternal authentication service and the technique that is to beperformed to authenticate the sender or the domain of the sender.

For example, suppose that the identifying information is a signatureassociated with America Online, such that America Online or Verisign®can be consulted to acquire a key, which was previously used to generatea signature value that is included in the message header. Theindependently acquired key is then used to generate an independentsignature value from the message text and/or header, which can then becompared to a signature value supplied as the identifying informationwith the message or message header. If a match occurs than this type ofauthentication technique may be viewed as successful.

It is noted that the type of authentication and the level of confidenceassociated with the authentication are customizable and may be alteredaccording to rules or policies. So, multiple levels of authentication,strong authentication, or weak authentication may be used according tosubscription services and rules or policies for any given recipient,sender, and/or domain.

As another example, consider a message that is encrypted with public andprivate key encryption. The public key of the recipient may be used incombination with a private key of the sender or domain and used toencrypt the entire message text. The type of authentication may belisted as the identifying information in the header of the message andthe message authentication service may consult an external service todecrypt the message using a server-administered private key for thesender or domain. If decryption occurs, then authentication wassuccessful. This type of authentication may be viewed as stronger sincedual key encryption is used and since the server administers andmaintains the private keys without distributing them and supplies adecryption service that decrypts the encrypted message text on behalf ofthe recipient. Alternatively, a service may provide the public key anddecryption can be done independently by an administrator. For example,decryption could be done locally by a user's or recipient's machine,device, or locally accessible devices.

In fact, a variety of identifiers and authentication may be used. Thedegree of complexity and level of security are customizable and can beintegrated with the teachings presented herein.

At 140, the message authentication service provides distinctive metadatathat is to be associated with the received message when the identity ordomain of the sender is properly authenticated. The distinctive metadatapermits a recipient to rapidly discern that the message has beenauthenticated with respect to either the sender or the domain or boththe sender and the domain. Moreover, the distinctive metadata can changeover time. For instance, an enterprise may change its logo. So, thedistinctive metadata does not have to be viewed as being static, in somecases policies may permit it to be dynamically updated or altered asneeded or desired. It is also noted that the distinctive metadata isdisplayed within the inbox of the messaging client for the recipient anddoes not have to be displayed within the message itself.

For example, at 141, a portion of the distinctive metadata may be agraphic trademark icon or image associated with a domain of the sender.So, if the domain is America Online®, a portion of the distinctivemetadata may be a trademark logo image associated with American Online®.It is noted, that the graphical image or icon does not have to beassociated with an enterprise, it may just as easily be associated witha specific individual. In some cases, the image or icon may beassociated with a specific email address and multiple individuals mayshare the same email address. So, the degree of specificity may becustomized. Graphic image or icon customization may occur at the emaillevel, at email aggregation levels for groups, at the domain level, atsub domain levels, etc. Moreover, the specific graphical image or iconmay be customized and assigned by either the recipient or the senderaccording to their own desired profiles. Moreover, multiple domains thatare identified with a specific enterprise may be mapped to a singlegraphical icon or image for that enterprise.

According to an embodiment, at 142, a variety of more detailedinformation may also be associated with various other portions of thedistinctive metadata. For instance, a specific authentication type, anidentity for the sender, an identity for the sender's domain, and/or adate and time that authentication was performed. In fact, the detailedinformation may also include other related information such as hypertextlinks to other information or to recipient-defined custom information.The detailed information may be presented when the recipient brings thegraphical image or icon into focus within the recipient's messagingclient. For example, a mouse may be situated over an icon and when thisoccurs focus is directed to the distinctive metadata and the additionalinformation is depicted for the recipient to view. In other cases, thegraphical icon is selectable such that when it is double-clicked on thedetailed information pops up in another window for the recipient toview.

In fact, the distinctive metadata does not have to exclusively belimited to graphical images. At 150, the metadata may be represented asan audible sound or jingle, a unique vibration, or even a distinct odor.So, the distinctive metadata may be used to drive aspects of devicesthat may cause the devices to perform some other operation, such asvibrate, play a tune, or emit an odor.

The point is that the identifying information included and detected withthe message is validated or authenticated according to policy or ruleand then other policies or rules permit distinctive metadata to beassociated with successful validation or authentication. The distinctivemetadata is then integrated into features of the recipient's messagingclient to rapidly communicate to the recipient that the message isauthentic. The degree of information presented and the manner in whichthe presentation is made is also configurable according to one or morerules or policies.

In an embodiment, at 160, the recipient's messaging client may also beconfigured to include distinctive metadata for each message received inspite of the fact that some messages may not actually participate in theauthentication process described above. In such scenarios, the messageauthentication service may produce a generic graphical icon and add itto a non participating message's metadata. This generic graphical iconmay be used to rapidly alert the recipient to the fact that a particularmessage did not undergo the normal authentication process. The recipientmay then decide to route such messages to predefined folders for furtherprocessing, such as virus scans, spam filters, etc., or may elect todiscard or view the messages at the recipient's own peril.

In this manner, a recipient may be capable of readily discerning from alisting of messages which messages are authenticated and which are not;and, in the case of processing at 150, graphical information that ishighly likely to identify the sender (e.g., a bofa logo, etc.) Customfilters or routing algorithms may also be applied in response to themetadata added by the message authentication service, if desired by therecipient. Moreover, each message may be associated with differentdegrees of authentication and may include custom levels of informationin their metadata.

As an example application, consider a web-based email client thatpresents a listing of emails along with some message-client suppliedmetadata, such as sender identification, subject header, date and timereceived, etc. The processing of the message authentication service maybe integrated to sit on top of such a client to alter the presentationof the listing to include customized graphical images and customizedmetadata for messages that have been authenticated, or in some cases forall messages including those not participating. Each image may rapidlyidentify for the recipient the identity of the sender and/or theidentity of the domain used by the sender. The authentication mayinclude sender and domain, just the domain, or just the sender. Arecipient may also mouse over or select any given image and receiveother custom information from the custom metadata supplied by themessage authentication service. The recipient may also set up filters orrouting algorithms to automatically process messages in response toinformation included in the custom metadata. Such processing permitsrapid identification of message authentication from the perspective ofthe recipient.

It is also noted, that the message authentication service may actuallybe a remote service that is not directly installed within theenvironment of the recipient's message client. In such cases, a proxymay be used to detect messages and forward them to the remote messageauthentication service for generation of the custom and distinctmetadata. Another application may superimpose the custom and distinctmetadata in views presented by the recipient's message client. So, themessage authentication service does not have to be integrated andcoupled with the recipient's messaging client; although it can be.

It is also worth noting that techniques of the message authenticationservice are not specifically limited to email-based messaging. That is,any type of messaging such as IM and TM may be used and may benefit fromthe techniques presented herein. For example, a phone's TM or IMcapabilities may be augmented to process the message authenticationservice, such that authentication is rapidly identified via customvibrations and/or custom sounds and images.

FIG. 2 is a diagram of another method 200 for rapidly identifyingmessage authentication, according to an example embodiment. The method(hereinafter referred to a “message authentication identifying service”)is implemented as instructions in a machine-accessible and readablemedium and is accessible over a network. The network may be wired,wireless, or a combination of wired and wireless. The instructions whenaccessed by a machine perform the processing depicted in FIG. 2. Themessage authentication identifying service presents an alternativeprocessing perspective to what was presented above with respect to themethod 100 of the FIG. 1.

At 210, the message authentication identifying service receives an emailmessage from a sender. Again, receipt of this email may occur in avariety of manners, such as direct forwarding from a recipient's emailclient, interception of the message before being received by therecipient's email client, and the like.

At 220, the message authentication identifying service externallyauthenticates the sender and/or domain of the sender. That is, themessage authentication identifying service enlists the services of anexternal system or application to provide an indication that the emailreceived is in fact from a sender that it purports to be sent fromand/or is in fact coming from a domain that is trusted or known to beassociated with the sender or from an entity that the messageauthentication identifying service trusts.

According to an embodiment, at 221, the particular authenticationservice that the message authentication identifying service enlists helpfrom may be selected in response to a dynamically evaluated rule orpolicy. So, the message authentication identifying service maydynamically and in real time determine the identity of theauthentication service to request authentication from. Determination forthe rule or policy may be based on a variety of factors, such as theperceived identity of the sender, the perceived identity of the domain,a license agreement between the recipient and the message authenticationidentifying service, and the like.

At 230, the message authentication identifying service associatesdistinctive metadata for any authenticated sender and/or domain. Customand distinctive metadata is generated, acquired, or assigned to theemail in response to successful authentication. According to anembodiment, at 231, this may entail acquiring the metadata according torules associated with the sender, the recipient, and/or the domain ofthe sender.

In an embodiment, at 232, the metadata may be represented in a varietyof different manners or in a combination of manners. So, the metadatamay be represented as a graphical icon image, an audible sound, avibration, an odor, or various combinations of these things.

At 233, the metadata may also be represented as a composite datastructure so as to include a variety of additional beneficialinformation. For example, the composite data structure may includecustom information types that identify various types of informationincluded within the metadata (e.g., hypertext links, images, sounds,etc.). In some cases, the schema associated with the metadata may berepresented in as a Extensible Markup Language (XML) Schema Definition(XSD). This permits subsequent applications to automatically parse,recognize, integrate, and utilize the composite data structure in anautomatic, dynamic and real-time fashion.

In still more embodiments, at 234, the message authenticationidentifying service may represent different portions of the metadata toidentify the sender, the external authenticator (external authenticationservice used), and/or the domain of the sender. So, the metadata mayinclude a variety of useful information that the recipient may view oracquire in a variety of custom manners.

At 240, the message authentication identifying service presents thedistinctive metadata, or at least a portion of the distinctive metadata,in connection with one or more views of the email message that isprovided to the recipient. For example, at 250, a portion of the custommetadata may be a graphical icon associated with the identity of eitherthe sender or the domain of the sender or both. The graphical icon ispresented for viewing by the recipient within a summary or listing viewof the recipient's email inbox.

FIG. 3 is a diagram of a message authentication system 300, according toan example embodiment. The message authentication system 300 isimplemented in a machine-accessible and readable medium and isaccessible over a wired, wireless, or a combination of wired andwireless networks. The message authentication system 300 implements,among other things, the methods 100 and 200 presented above withreference to the FIGS. 1 and 2.

The message authentication system 300 includes a message authenticationservice 301 and a distinctive metadata service 302. Each of these willnow be discussed in turn.

The message authentication service 301 operates on top of or within anenvironment of a recipient's message client. As messages are receivedwithin the environment of the recipient, the message authenticationservice 301 is activated either directly or indirectly, such as viacalls from a proxy (reverse or transparent proxy). The messageauthentication service 301 interacts with one or more externalauthentication services for purposes of authenticating messages receivedwith respect to the identity of the sender, contents of the messageitself, and/or the identity of the sender's domain. Example processingfor parsing identifying information from messages and enlisting suchservices were discussed above in detail with respect to the methods 100and 200 of the FIGS. 1 and 2, respectively.

The contents of the messages may be authenticated by validatingsignatures supplied as identifying information with the messages.Another example of this would be to decrypt encrypted messages, validatekeys, validate serial numbers, etc. So, authentication may occur withrespect to the sender, the domain, or the contents (with successfulthird party decryption of the contents), or combinations of all three ofthese items.

In some cases, the message authentication service 301 intercepts oracquires messages and enlists the services of one or more externalauthentication services to authenticate messages before these messagesare presented to a recipient within a recipient's email or messageclient. It is noted that only selective messages have to be processed bythe message authentication service 301; that is, some messages may notbe processed or may be ignored or generically processed by the messageauthentication service 301. Such scenarios were described above withrespect to the method 100 and the FIG. 1. This may occur when arecipient desires that only certain domains or senders are to beprocessed or when a recipient desires to have all non participatingsenders or domains to be processed in a uniform manner so as to bereadily identified by the recipient.

In other cases, the message authentication service 301 may be configuredto request the external authentication or the messages when specificallyrequested to do so by a recipient and/or after the messages are viewedor accessible to the recipient. So, authentication does not have tooccur before the messages are processed; although this can occur in someembodiments.

The message authentication service 301 interacts with the distinctivemetadata service 302 for purposes of communicating authenticatedsenders, domains, or message contents. The distinctive metadata service302 may use one or more custom-defined rules or policies to generate oracquire distinctive metadata to associate with authenticated messages.

According to an embodiment, the distinctive metadata service 302 isexternal to the message authentication service 301. So, the distinctivemetadata service 302 may be its own distinct and generic server-basedservice that can be dynamically consulted and interacted with.

The distinctive metadata service 302 generates custom information for anauthenticated message that is associated with metadata for that message.The information may be a graphic icon or it may be a combination ofinformation. Additionally, the information may be a sound, a vibration,an odor, and the like. At least a portion of the information ispresented with the message and summary listings of the message withinthe recipient's message client for purposes of permitting the recipientto rapidly identify the message's authentication. Other portions of theinformation may be acquired and brought into focus by the recipient orwhen specifically requested by the recipient.

In some cases, the distinctive metadata service 302 may provide genericmetadata for messages not associated with the authentication of themessage authentication service 301. So, each message not processed bythe message authentication service 301 may receive its own genericidentifying information.

Example processing associated with the distinctive metadata service 302and the message authentication service 301 were presented above withrespect to the methods 100 and 200 of the FIGS. 1 and 2.

It is also noted that the metadata may be include a variety ofinformation that may be used to automatically filter or process themessages. Additionally, the messaging clients may include email, IM,and/or TM. The degree or authentication and level of metadatainformation and the manner in which it is presented with a message areall customizable and may be dynamically resolved according to rule orpolicy.

The above description is illustrative, and not restrictive. Many otherembodiments will be apparent to those of skill in the art upon reviewingthe above description. The scope of embodiments should therefore bedetermined with reference to the appended claims, along with the fullscope of equivalents to which such claims are entitled.

The Abstract is provided to comply with 37 C.F.R. §1.72(b) and willallow the reader to quickly ascertain the nature and gist of thetechnical disclosure. It is submitted with the understanding that itwill not be used to interpret or limit the scope or meaning of theclaims.

In the foregoing description of the embodiments, various features aregrouped together in a single embodiment for the purpose of streamliningthe disclosure. This method of disclosure is not to be interpreted asreflecting that the claimed embodiments have more features than areexpressly recited in each claim. Rather, as the following claimsreflect, inventive subject matter lies in less than all features of asingle disclosed embodiment. Thus the following claims are herebyincorporated into the Description of the Embodiments, with each claimstanding on its own as a separate exemplary embodiment.

1. A method, comprising: identifying a message directed to a recipient;determining when the message includes identifying information associatedwith a sender of the message; requesting an external service toauthenticate an identity of the sender when the identifying informationis present; and providing, when the identity is authenticated by theexternal service, distinctive metadata with the message to uniquelyidentify the sender to the recipient before the recipient opens themessage.
 2. The method of claim 1 further comprising at least one of:presenting the distinctive metadata as a unique graphical icon in asummary listing for the message; playing the distinctive metadata as anaudible jingle when the message is inserted into a message queue of therecipient; activating a device to emit a unique vibration associatedwith the distinctive metadata when the message is inserted into themessage queue of the recipient; and causing a distinctive odor to beemitted in response to the distinctive metadata when the message isinserted into the message queue of the recipient.
 3. The method of claim1, wherein determining further includes locating the identifyinginformation according to rules associated with at least one of thesender, the recipient, and a domain associated with the message.
 4. Themethod of claim 3, wherein providing further includes representing atleast a portion the distinctive metadata as a graphic trademarkassociated with the sender or the domain of the sender.
 5. The method ofclaim 4 further comprising, presenting more detailed informationassociated with the metadata when the graphic trademark is brought intofocus by the recipient, and wherein the more detailed informationincludes at least one of a type of authentication used by the externalservice, an external service identity, a date and a time whenauthentication was performed by the external service, a hypertext linkto additional information, and custom information defined according toone or more rules.
 6. The method of claim 1, wherein determining furtherincludes inspecting a header of the message for at least one of asignature, a key and a serial number, which represents the identifyinginformation.
 7. The method of claim 1 further comprising, adding ageneric graphical icon to the distinctive metadata when the message doesnot include the identifying information, and wherein the genericgraphical icon is presented with the message to the recipient to permitthe recipient to determine that no authentication took place with themessage.
 8. A method, comprising: receiving an electronic mail (email)message from a sender; externally authenticating the sender; associatingdistinctive metadata for the authenticated sender; and presenting thedistinctive metadata in connection with one or more views of the emailmessage provided to a recipient of the email message.
 9. The method ofclaim 8, wherein associating further includes acquiring the distinctivemetadata according to one or more rules associated with at least one ofthe sender, the recipient, and a domain of the sender.
 10. The method ofclaim 8, wherein associating further includes representing thedistinctive metadata as at least one of a unique graphical icon, aunique audible sound, a unique vibration, and a unique odor.
 11. Themethod of claim 8, wherein associating further includes representing thedistinctive metadata as composite data structure including custom typesof information, wherein each different custom type of information ispresented to the recipient according to a state associated with thedistinctive metadata.
 12. The method of claim 8, wherein externallyauthenticating further includes selecting an authentication service toperform authentication in response to a rule or policy.
 13. The methodof claim 8, wherein associating further includes representing differentportions of the distinctive metadata to identify at least one of anidentity of the sender, an identity of an external authenticator, and anidentity of a domain of the sender.
 14. The method of claim 8, whereinpresenting further includes presenting the distinctive metadata as acustom graphical icon associated with a domain of the sender within asummary view of the recipient's email inbox.
 15. A system, comprising: amessage authentication service; and a distinctive metadata service,wherein the message authentication service is to identify emails havingidentifying information and to request authentication for senders of theemails, and wherein the message authentication service is to interactwith the distinctive metadata service for authenticated senders toacquire and present custom and distinctive metadata for eachauthenticated sender in a message client associated with a recipient.16. The system of claim 15, wherein the distinctive metadata service isexternal to the message authentication service.
 17. The system of claim15, wherein the message authentication service interacts with one ormore external authentication services to perform authentication on theemails.
 18. The system of claim 15, wherein the message authenticationservice is to intercept emails sent to the message client and requestthe authentication of the senders before the emails are processed by themessage client and before the emails are viewable by the recipientwithin the message client.
 19. The system of claim 15, wherein thedistinctive metadata service is to provide generic metadata for anysenders not authenticated, and wherein the message client is adapted topresent the generic metadata with the appropriate emails associated withnon authenticated senders.
 20. The system of claim 15, wherein thecustom and distinct metadata includes at least one of a custom graphicalicon, a unique vibration, a unique sound, and a unique odor.
 21. Thesystem of claim 15, wherein the message authentication service is torequest the authentication of the senders after the emails are presentedand accessible to the recipient.
 22. A method, comprising: receiving anelectronic mail (email) message from a sender; externally authenticatingthe sender; associating distinctive metadata for the authenticatedsender; and using the distinctive metadata to separate or filter otheremail messages and the email message provided to a recipient intocategories, folders, or buckets of information.